Mark Minasi, (windows server guru, and serial author) recommended
using a passphrase, not a password, and that the phrase should have
at least 14 characters. He claims that a brute force attack on that
trying various passwords incrementally will take years (without using
numbers or $p3c1al characters.) Using some numbers and special
characters adds very little to the time to crack when you have 14
character length.
On Active Directory, I just set the requirements to 14 characters and
turned off the others. We had successful ph ishing attacks a couple
of times on win XP users, but nobody ever cracked a password. On one
new server that was set up by the "experts" they left it wide open to
the internet with a simple password (short) so they could easily
remote into it. The first thing we did when they left was to
change the password to a 14 character passphrase. Within 24 hours,
someone was hammering on it trying to break the user name/pas sword.
We figured out it was from one of the northern territories formerly
controlled by Crazy Uncle Jozef (Stall in). We let them play for a
few days but eventually grew tired of watching their failures, so we
closed the access except for a couple of IP addresses. That ended
that.
I wouldn't change email address, just increase the complexity of your email
account password. I like "diceware" for picking complex passwords.
Get three dice (or use a random number generator) and a paper dictionary.
Roll the dice, open dictionary to corresponding page. Pick the first 4 or
5 letter word on that page. Repeat until you have three or four words.
String them together, mix in upper and lower case, replace letters with
numbers or special characters. Add some punctuation, and voila, a password
that no brute force attack will penetrate in this century.
When I sit down with the dictionary and pick words, I fill up a sheet with
strings of three words, and then rotate through those as needed.
I recommend you write down your new password, unless your memory is better
than mine.
If your email provider will allow two-factor authentication for password
changes, that would also be helpful.
-------------
Max
Charleston SC
On Sat, Dec 5, 2015 at 7:21 PM, Craig via Mercedes <mercedes@okiebenz.com>
wrote:
I got a virus email today at my address used on the list. (I've deleted
the "ZIP" file that was attached to the email.)
Hmmm ...
I guess I may have to change my email address.
In addition, I received a couple of days ago a letter from the Office of
Personnel Management that my information was part of that stolen during
their recent hack attack. At least they are offering identity theft
protection.
Craig
============================================
Begin forwarded message:
Date: Sat, 5 Dec 2015 03:32:44 -0700
From: "America Airlines" <ord...@santanasalsa.com>
To: diese...@pisquared.net
Subject: Your ticket order #00000675441 approved
Dear customer,
Your order was successfully processed.
E-Ticket is attached to this email.
Order summary:
FLIGHT NUMBER / MO927369
DATE & TIME / Dec 09 2015, 17:50
DEPARTING / Charlotte
TOTAL PRICE / $ 340.00
Thank you for flying with America Airlines.
_______________________________________
http://www.okiebenz.com
To search list archives http://www.okiebenz.com/archive/
To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
_______________________________________
http://www.okiebenz.com
To search list archives http://www.okiebenz.com/archive/
To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
_______________________________________
http://www.okiebenz.com
To search list archives http://www.okiebenz.com/archive/
To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
